Connecting to a database from PHP over SSL, php – MYSQLi and SSL connection to the database server

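I have a strange problem establishing an SSL connection with PHP.

I have a web server and a database server. I generated certificates for both with openssl. They are exactly the same.

So I tried connecting from the web server with the mysql command: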

mysql -h 10.1.1.1 -uroot -p
Password
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 71
Server version: 5.5.5-10.1.19-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>

So now I wanted to see whether it really is SSL:

mysql> status;
--------------
mysql Ver 14.14 Distrib 5.6.33, for Linux (x86_64) using EditLine wrapper
Connection id: 71
Current database:
Current user: root@10.1.1.2
SSL: Cipher in use is DHE-RSA-AES256-SHA
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.5.5-10.1.19-MariaDB MariaDB Server
Protocol version: 10
Connection: 10.1.1.1 via TCP/IP
Server characterset: latin1
Db characterset: latin1
Client characterset: utf8
Conn. characterset: utf8
TCP port: 3306
Uptime: 1 hour 6 min 51 sec
Threads: 1 Questions: 153 Slow queries: 0 Opens: 21 Flush tables: 1 Open tables: 15 Queries per second avg: 0.038
--------------
mysql>

So I can see that the connection is established. I wrote a PHP script to connect to my database:

<?php
ini_set ('error_reporting', E_ALL);
ini_set ('display_errors', '1');
error_reporting (E_ALL|E_STRICT);

$db = mysqli_init();
mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true); // verify the server certificate
$db->ssl_set('/etc/mysql/newcerts/client-key-rsa.pem', '/etc/mysql/newcerts/client-cert.pem', '/etc/mysql/newcerts/ca-cert.pem', NULL, NULL); // key, cert, CA, capath, cipher

$link = mysqli_real_connect ($db, '10.1.1.1', 'root', 'xxxxxx', 'mysql', 3306, NULL, MYSQLI_CLIENT_SSL);
if (!$link)
{
    die ('Connect error (' . mysqli_connect_errno() . '): ' . mysqli_connect_error() . "\n");
} else {
    $res = $db->query('SHOW TABLES;');
    print_r ($res);
    $db->close();
}
?>

But now when I run this script on my web server, I get this error:

[root@web-01 config]# php test.php
Warning: mysqli_real_connect(): Unable to locate peer certificate CN in /home/extranet/app/config/test.php on line 10
Warning: mysqli_real_connect(): Cannot connect to MySQL by using SSL in /home/extranet/app/config/test.php on line 10
Warning: mysqli_real_connect(): [2002] (trying to connect via tcp://10.1.1.1:3306) in /home/extranet/app/config/test.php on line 10
Warning: mysqli_real_connect(): (HY000/2002): in /home/extranet/app/config/test.php on line 10
Connect error (2002):

This is so strange. I tried mysql_connect(), and it works...

Any ideas??

I am using PHP 5.6.25

Edit:

Of course, I also added the following lines to the my.cnf file on my web server:

[client]
port=3306
ssl-ca=/etc/mysql/newcerts/ca-cert.pem
ssl-cert=/etc/mysql/newcerts/client-cert.pem
ssl-key=/etc/mysql/newcerts/client-key-rsa.pem

It also works fine from the web server command line:

mysql -h 10.1.1.1 -u root --password \
    --ssl \
    --ssl-ca /etc/mysql/newcerts/ca-cert.pem \
    --ssl-cert /etc/mysql/newcerts/client-cert.pem \
    --ssl-key /etc/mysql/newcerts/client-key-rsa.pem

Certificate user/group/permissions:

[root@web-01 newcerts]# ls -alZ
drwxr-xr-x root root ? .
drwxr-xr-x root root ? ..
-rw-r--r-- root root ? ca-cert.pem
-rw-r--r-- root root ? ca-key.pem
-rw-r--r-- root root ? client-cert.pem
-rw-r--r-- root root ? client-key.pem
-rw-r--r-- root root ? client-key-rsa.pem
-rw-r--r-- root root ? client-req.pem
-rw-r--r-- root root ? server-cert.pem
-rw-r--r-- root root ? server-key.pem
-rw-r--r-- root root ? server-req.pem

SELinux is disabled:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
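
PHP emits the warning "Unable to locate peer certificate CN" when its peer-name check cannot read a CN from the server certificate's subject. The following is an added example, not part of the original post: it lists the CN and subjectAltName entries of a certificate and compares them with the host string passed to mysqli_real_connect(). The function names and db.example.internal are assumptions, and the comparison is a simplified exact match without wildcard handling.

```php
<?php
// Added example (not from the original post). Written for PHP 5.6+ with ext/openssl.

// Return the subject CN (or null) and the subjectAltName entries of a PEM certificate.
function cert_names($pem)
{
    $info = openssl_x509_parse($pem);
    if ($info === false) {
        throw new RuntimeException('not a parsable X.509 certificate');
    }
    $cn = isset($info['subject']['CN']) ? $info['subject']['CN'] : null;
    $san = isset($info['extensions']['subjectAltName'])
        ? array_map('trim', explode(',', $info['extensions']['subjectAltName']))
        : array();
    return array('cn' => is_array($cn) ? $cn[0] : $cn, 'san' => $san);
}

// Simplified pre-flight check: exact, case-insensitive comparison only.
function check_peer_name($pem, $host)
{
    $n = cert_names($pem);
    foreach ($n['san'] as $entry) {   // entries look like "DNS:name" or "IP Address:addr"
        $parts = explode(':', $entry, 2);
        if (isset($parts[1]) && strcasecmp($parts[1], $host) === 0) {
            return "ok: SAN entry matches $host";
        }
    }
    if ($n['cn'] === null) {
        return 'fail: subject has no CN';
    }
    return strcasecmp($n['cn'], $host) === 0
        ? "ok: CN matches $host"
        : "fail: CN '{$n['cn']}' does not match '$host'";
}

// Constructed sample input: a throwaway self-signed certificate generated in memory.
function sample_cert(array $dn)
{
    $key = openssl_pkey_new(array('private_key_bits' => 2048));
    $csr = openssl_csr_new($dn, $key, array('digest_alg' => 'sha256'));
    openssl_x509_export(openssl_csr_sign($csr, null, $key, 1), $pem);
    return $pem;
}

$pem = sample_cert(array('commonName' => 'db.example.internal')); // hypothetical host name
echo check_peer_name($pem, 'db.example.internal'), "\n"; // connecting by the name in the CN
echo check_peer_name($pem, '10.1.1.1'), "\n";            // connecting by IP address instead
```

Run it against the certificate the database server presents, read with file_get_contents(), and with the same host string that is given to mysqli_real_connect().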
